
W32/Frethem.l@MM

A friend of mine sent me a "Decrypt-password.exe" and a text file called "Password.txt" today and I wondered why he did so. Then some other friends of my friend and me sent me this "Decrypt-password.exe", too. Forwarded from my friend's account. My antivir didn't cry but I preferred to search the web and so I found out.

I heard about this a few days ago. This is actually a variant of W32/FrethemB@MM. I actually heard of another variant ...FrethemK... today. Symantec has released new updates which find both of these, plus all other known variants. If you use Norton and there are no new LiveUpdate definitions, just download the Intelligent Updater version here:

Several of the users on my network have been receiving this worm. Actually, the worm never made it through but was caught by our AV software. This worm isn't dangerous, just another one of those things you get tired of seeing after a while.

Hmmm...interesting, the SNORT filters I have had been detecting it as a KLEZ worm...don't see any reference to it in the article. Might have to check up on this, must have some common packet fields in it or maybe it is a variant...

Neb

There is only one constant, one universal, it is the only real truth: causality. Action. Reaction. Cause and effect...There is no escape from it, we are forever slaves to it. Our only hope, our only peace is to understand it, to understand the 'why'. 'Why' is what separates us from them, you from me. 'Why' is the only real social power, without it you are powerless.

There seems to be a fix for the W32/Frethem and the other variants of the virus on the PANDA website, i.e. http://www.pandasoftware.com
I have run the "fix" and have yet to learn if the virus has been totally eliminated.

Another example of why Norton rules, it truly does rule. BTW, does anybody know any other names these worm mailings go by? Instead of decrypt.exe and password.txt? Just want to be safe. I'll probably have to check the Symantec site though. And one more question that I've been wondering about for a long time, what lang are viruses written in? I'm just curious here, because it seems to be one question I've never heard asked or answered.